Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Stream - initial configuration
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stream - initial configuration
I want to use Stream to forward DNS to Splunk but I am having trouble with the initial configuration.
Info:
- running Splunk Enterprise on an onprem Windows Server. DNS servers are Windows DCs.
- installed Stream app and add-on on Splunk Enterprise server, add-on is installed on Windows DCs
Troubleshooting:
- when I go into the Stream app, it runs the set up and I get an error: Unable to establish connection to /en-us/custom/splunk_app_stream/ping/: End of file. Note: I am able to ping splunk server from DNS server and port 8000 is open on the Splunk server firewall.
- when I go into Configure Streams, DNS is enabled
- on the DNS server, /etc/apps/Splunk_TA_stream/local/inputs.conf file contains splunk_stream_app_location = https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/
- on the DNS server, /etc/apps/Splunk_TA_stream/default/streamsfwd.conf file contains [streamfwd]
port = 8889 ipAddr = 127.0.0.1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @heathramos ,
From the DNS Server you can find possible ERROR logs around issue by going to $SPLUNK_HOME/var/log/splunk and search for file named streamfwd.log please check the ERROR and share here so we can help you with possible things.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @heathramos
You mentioned that you can ping the Splunk server and you are sure port 8000 is open, but please could you confirm you can reach the splunk server from DNS server by accessing https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/ from the DNS server?
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That URL doesn't work from the DNS server or the Splunk server
From DNS Server:
https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/ returned a cert warning and if you click on continue, you get a 404 Not Found error page.
Tried https://SPLUNK-SERVERNAME.DOMAINNAME:8000/en-us/custom/splunk_app_stream/ but got same error
From Splunk Server:
https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/ returned a cert warning and if you click on continue, you get a 404 Not Found error page.
https://localhost:8000/en-us/custom/splunk_app_stream/ returned a 404 Not Found error page.
Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...
Splunk Community Badges!
What You Read The Most: Splunk Lantern’s Most Popular Articles!
